b'OFFICE OF INSPECTOR GENERAL\n\n\nAUDIT OF USAID\xe2\x80\x99S FISCAL\nYEAR 2014 COMPLIANCE WITH\nTHE FEDERAL INFORMATION\nSECURITY MANAGEMENT ACT\nOF 2002\nAUDIT REPORT NO. A-000-15-003-P\nOctober 30, 2014\n\n\n\nWASHINGTON, DC\n\x0cThis is a summary of our report on the \xe2\x80\x9cAudit of USAID\xe2\x80\x99s Fiscal Year 2014 Compliance With the\nFederal Information Security Management Act of 2002.\xe2\x80\x9d Referred to as FISMA, the act requires\nagencies to develop, document, and implement an agency-wide information security program to\nprotect their information and information systems, including those provided or managed by\nanother agency, contractor, or source. FISMA also requires agencies to have an annual\nassessment of their information systems.\n\nThe Office of Inspector General (OIG) contracted with the independent certified public\naccounting firm of Cotton & Company LLP to conduct the audit. Cotton was required to conduct\nthe audit in accordance with U.S. Government auditing standards. The objective was to\ndetermine whether USAID implemented selected minimum security controls for selected\ninformation systems in support of FISMA.\n\nThe audit concluded that USAID does not comply with FISMA. Although the Agency has\ndeveloped and documented the majority of the information security policies and procedures\nrequired under the act, USAID has not established an effective risk management program to\nensure that policies and procedures are assessed and working as intended. Consequently, the\naudit found a number of information system weaknesses that, if exploited, could adversely affect\nthe confidentiality, integrity, and availability of USAID\xe2\x80\x99s data and information systems, and\nultimately could have a negative impact on the Agency\xe2\x80\x99s ability to protect the security of its\ninformation or information systems.\n\nOIG made 18 recommendations to address the weaknesses identified and to help USAID\nstrengthen its information security program. Management decisions were made on all of them.\n\x0cU.S. Agency for International Development\n       Office of Inspector General\n       1300 Pennsylvania Ave, NW\n         Washington, D.C. 20523\n            Tel: (202) 712-1150\n           Fax: (202) 216-3047\n           http://oig.usaid.gov\n\x0c'